Google is making a strong push as the holidays draw closer to sell Chromebook laptops. There’s a reason they only cost a couple hundred bucks: they don’t do anything. They’re just a Chrome browser and an operating system inside a notebook. They run Google software through the cloud, and you have to buy special parallels if you want to print anything.

But here’s why you really shouldn’t buy one.

USA Today reported recently that the Chrome browser poses a massive local security risk:

The flaw comes into play anytime you type personal information into webforms at trusted websites or directly into the Chrome browser address bar.

Researchers found that Chrome’s caching mechanism routinely stores names, e-mail addresses, street addresses, phone numbers, bank account numbers, social security numbers and credit card numbers directly onto your hard drive in plain text — without your knowledge or consent….

It’s trivial for anyone with physical access to your computer to view and copy all of this sensitive personal data. What’s worse, any bad guy who has lured you into installing a data-stealing Trojan on your computer can also easily harvest this very sensitive data.

But aside from your personal data being at risk when someone steals your new Chromebook you thought was such a deal, the NSA’s recent interception of Google and Yahoo! user data should also push you away from Chromebook. Ars Technica explained:

…no one will be happier than the National Security Agency (NSA) and law enforcement. While Google’s cloud computing has provided a platform for the company to grab a big chunk of the low-cost notebook market and upend Microsoft’s Windows applecart, the recent NSA leaks by Edward Snowden have put the cloud under… a cloud….

As far as endpoints go, I’d agree that the Chromebook is far less insecure than many other platforms; but the point I’m trying to make has nothing to do with the Chromebook’s local security and everything to do with the already well-demonstrated issues around cloud privacy. I could have just as well written an article entitled “Why the NSA loves (fill in name of public cloud service here),” but Chromebook is unique in its tethering to a single set of cloud services over web protocols. When used with the best practices for web security, the Chromebook is secure against most direct attacks on the local hardware and the Chrome browser, but its dependence on a web-based backend where US courts have already ruled there’s less of an expectation of privacy is something no amount of end-point security is going to fix.

You get what you pay for, you know? Don’t get Chromeholed this Christmas!

http://www.glassholes.com/post/67691368160/caveat-emptor-chromebook-edition